- 01 May, 2024 3 commits
-
-
Poul-Henning Kamp authored
-
Poul-Henning Kamp authored
-
Poul-Henning Kamp authored
-
- 30 Apr, 2024 2 commits
-
-
Poul-Henning Kamp authored
-
Poul-Henning Kamp authored
-
- 29 Apr, 2024 3 commits
-
-
Dag Haavi Finstad authored
-
Nils Goroll authored
-
Walid Boudebouda authored
-
- 22 Apr, 2024 1 commit
-
-
Dridi Boukelmoune authored
The opposite of 'EXP_Ttl(req, oc) > req->t_req' should not have been 'EXP_Ttl(NULL, oc) < req->t_req'. If we somehow enter the lookup when the two operands are equal, the objcore suffers a phenomenon known as Schrödinger's expiry. The chances of running into this scenario range from epsilon to 100%. Because 't_req' is stable across restarts, a soft purge will reliably trigger this case. Test case by Alve Elde who first demonstrated the problem.
-
- 09 Apr, 2024 1 commit
-
-
Poul-Henning Kamp authored
-
- 08 Apr, 2024 1 commit
-
-
Stephane Cance authored
As both the varnish working directory and the secret file may pre-exist, this ensures permissions remain restrictive on it.
-
- 04 Apr, 2024 4 commits
-
-
Dridi Boukelmoune authored
-
Dridi Boukelmoune authored
There's no way to probe the current push status or maximum frame size.
-
Dridi Boukelmoune authored
Except that the old default value replaces the maximum one. Aligning with the literal maximum value for the underlying HTTP/2 setting breaks 32bit builds because the byte tweaks take a detour via ssize_t. When it casts to uintmax_t the MSB is propagated all the way, triggering the following error at build time: > 4294967295b is too large for this architecture. Instead of fighting a tweak that is clearly wrong, grant h2 clients a maximum of 2GB of uncompressed headers (instead of 4GB) that will never happen, because h2 is overall much wronger.
-
Dridi Boukelmoune authored
-
- 29 Mar, 2024 14 commits
-
-
Dridi Boukelmoune authored
This parameter has a new role that consists in interrupting connections when decoding an HPACK block leads to a header list so large that the client must be stopped. By default, too large is 150% of http_req_size.
-
Dridi Boukelmoune authored
Since http_req_size was already established for this purpose, and is now enforced for h2 traffic, it should naturally become the basis for the MAX_HEADER_LIST_SIZE setting in the initial SETTINGS frame sent to clients. The h2_max_header_list_size parameter will grow a new purpose.
-
Dridi Boukelmoune authored
With the exception of h2_max_header_list_size that is not advertised as such despite being ent as part of the initial SETTINGS frame. The same parameter also sees its default and maximum values updated to 2^32-1. This is based on this sentence from rfc9113: > The initial value of this setting is unlimited. This aligns the h2_max_header_list_size parameter with the values set in h2_settings.h for MAX_HEADER_LIST_SIZE.
-
Dridi Boukelmoune authored
For the sole purpose of having these limits tested in a single place.
-
Dridi Boukelmoune authored
Fixes #3709 Closes #3892
-
Dridi Boukelmoune authored
-
Dridi Boukelmoune authored
-
Dridi Boukelmoune authored
Refs #3709
-
Dridi Boukelmoune authored
It does a first pass on header names and values, and only logs errors, so the signature is updated accordingly and the call site is moved into h2h_addhdr().
-
Dridi Boukelmoune authored
Better diff with the --ignore-all-space option.
-
Dridi Boukelmoune authored
It became explicit in rfc9113: > The same pseudo-header field name MUST NOT appear more than once in a > field block. While at it, the duplicate pseudo-header error can be consolidated in a single location instead of adding one more branch.
-
Dridi Boukelmoune authored
Instead of passing both a decoder and individual decoder fields, the signature for h2h_addhdr() changed to only take the decoder. The order of parameters is destination first, then the source following the calling conventon of functions like memcpy(). Internally the function is reorganized with a bunch of txt variables to keep track of the header being added, its name and value. In addition to clarity, this also helps improve safety and correctness. For example the :authority pseudo-header name is erased in place to turn it into a regular host header, but having a dedicated txt for the header name allows its preservation.
-
Dridi Boukelmoune authored
-
Dridi Boukelmoune authored
The extra space before the colon looked uncanny. The rest is just code indentation improvements. Better diff with the --ignore-all-space --word-diff options.
-
- 25 Mar, 2024 3 commits
-
-
AlveElde authored
When a stale object is soft-purged, the time until the object expires should not be reset, as repeated soft-purges could keep the object around indefinitely.
-
AlveElde authored
This commit introduces EXP_Reduce(), a function to reduce object timers. The goal is to provide a function better suited to soft-purging objects, as EXP_Rearm() has some non-obvious disadvantages when used or this purpose. When EXP_Rearm() is used to soft-purge an object by setting its TTL to 0, the expiry is effectively reset to the start of the objects grace period. This happens because the object TTL includes a time delta between object insertion time (oc->t_origin) and now. The result is that a soft-purge extends the lifetime of an already stale object, and repeated soft-purges can keep the object away from expiry indefinitely. The EXP_Reduce() function is better suited for soft-purging, as it only updates an objects TTL if it would reduce the objects lifetime. The function also has facilities for reducing grace and keep.
-
Dridi Boukelmoune authored
-
- 20 Mar, 2024 1 commit
-
-
Walid Boudebouda authored
If a format never matches anything, the 4294967296th transaction proccessed by varnishncsa will wrap its generation around to zero, be considered a match, and let vsb_fcat() pass a null string to VSB_quote().
-
- 19 Mar, 2024 1 commit
-
-
Dridi Boukelmoune authored
Better diff with the --word-diff --word-diff-regex=. options.
-
- 18 Mar, 2024 6 commits
-
-
Dridi Boukelmoune authored
-
Simon Stridsberg authored
Releasing 7.5.0
-
Simon Stridsberg authored
-
Dridi Boukelmoune authored
-
Dridi Boukelmoune authored
Before the h2 frame dispatch we only need to check that coming from a HEADERS frame the very next frame is a CONTINUATION, when the HPACK block didn't fit in the former. The CONTINUATION dispatch will then make the stream consistency check.
-
Dridi Boukelmoune authored
-